National Cyber Awareness System

Vulnerability Summary for CVE-2009-4881

Overview

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://sourceware.org/git/?p=glibc.git;a=commit;h=153aa31b93be22e01b236375fb02a9f9b9a0195f

Type: Patch Information

Hyperlink:http://sourceware.org/git/?p=glibc.git;a=commit;h=153aa31b93be22e01b236375fb02a9f9b9a0195f

External Source: XF

Name: gnuclibrary-vstrfmonl-overflow(59241)

Hyperlink:http://xforce.iss.net/xforce/xfdb/59241

External Source: MANDRIVA

Name: MDVSA-2010:111

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:111

External Source: DEBIAN

Name: DSA-2058

Hyperlink:http://www.debian.org/security/2010/dsa-2058

External Source: CONFIRM

Name: http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600

Hyperlink:http://sources.redhat.com/bugzilla/show_bug.cgi?id=10600

External Source: GENTOO

Name: GLSA-201011-01

Hyperlink:http://security.gentoo.org/glsa/glsa-201011-01.xml